Merge branch 'fix-csrf-default-2.3' into fix-csrf-default-2.4
Conflicts: src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
This commit is contained in:
commit
6400bd1d0f
@ -86,7 +86,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||
->addEventSubscriber(new CsrfValidationListener(
|
||||
$options['csrf_field_name'],
|
||||
$options['csrf_token_manager'],
|
||||
$options['csrf_token_id'],
|
||||
$options['csrf_token_id'] ?: $builder->getName(),
|
||||
$options['csrf_message'],
|
||||
$this->translator,
|
||||
$this->translationDomain
|
||||
@ -105,7 +105,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||
{
|
||||
if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
|
||||
$factory = $form->getConfig()->getFormFactory();
|
||||
$data = (string) $options['csrf_token_manager']->getToken($options['csrf_token_id']);
|
||||
$data = (string) $options['csrf_token_manager']->getToken($options['csrf_token_id'] ?: $form->getName());
|
||||
|
||||
$csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
|
||||
'mapped' => false,
|
||||
@ -139,7 +139,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||
'csrf_token_manager' => $csrfTokenManager,
|
||||
'csrf_token_id' => $csrfTokenId,
|
||||
'csrf_provider' => new CsrfTokenManagerAdapter($this->defaultTokenManager),
|
||||
'intention' => 'unknown',
|
||||
'intention' => null,
|
||||
));
|
||||
}
|
||||
|
||||
|
@ -141,6 +141,24 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
|
||||
$this->assertEquals('token', $view['csrf']->vars['value']);
|
||||
}
|
||||
|
||||
public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
|
||||
{
|
||||
$this->tokenManager->expects($this->once())
|
||||
->method('getToken')
|
||||
->with('FORM_NAME')
|
||||
->will($this->returnValue('token'));
|
||||
|
||||
$view = $this->factory
|
||||
->createNamed('FORM_NAME', 'form', null, array(
|
||||
'csrf_field_name' => 'csrf',
|
||||
'csrf_token_manager' => $this->tokenManager,
|
||||
'compound' => true,
|
||||
))
|
||||
->createView();
|
||||
|
||||
$this->assertEquals('token', $view['csrf']->vars['value']);
|
||||
}
|
||||
|
||||
public function provideBoolean()
|
||||
{
|
||||
return array(
|
||||
@ -181,6 +199,37 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
|
||||
$this->assertSame($valid, $form->isValid());
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideBoolean
|
||||
*/
|
||||
public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
|
||||
{
|
||||
$this->tokenManager->expects($this->once())
|
||||
->method('isTokenValid')
|
||||
->with(new CsrfToken('FORM_NAME', 'token'))
|
||||
->will($this->returnValue($valid));
|
||||
|
||||
$form = $this->factory
|
||||
->createNamedBuilder('FORM_NAME', 'form', null, array(
|
||||
'csrf_field_name' => 'csrf',
|
||||
'csrf_token_manager' => $this->tokenManager,
|
||||
'compound' => true,
|
||||
))
|
||||
->add('child', 'text')
|
||||
->getForm();
|
||||
|
||||
$form->submit(array(
|
||||
'child' => 'foobar',
|
||||
'csrf' => 'token',
|
||||
));
|
||||
|
||||
// Remove token from data
|
||||
$this->assertSame(array('child' => 'foobar'), $form->getData());
|
||||
|
||||
// Validate accordingly
|
||||
$this->assertSame($valid, $form->isValid());
|
||||
}
|
||||
|
||||
public function testFailIfRootAndCompoundAndTokenMissing()
|
||||
{
|
||||
$this->tokenManager->expects($this->never())
|
||||
|
Reference in New Issue
Block a user